How Putin helped Congress rally behind cybersecurity legislation

As the Western world continued to rally against Russian President Vladimir Putin’s unprovoked invasion of Ukraine, the Senate set aside its partisan differences Tuesday to overwhelmingly pass a set of bills aimed at strengthening American cybersecurity resolve. The voice vote, which came hours before President Joe Biden’s State of the Union address, followed months of political disagreements over nitty-gritty details of the bill.

The legislation, which still must pass the House, includes a new requirement that private organizations in “critical infrastructure” sectors—energy, health care, and communications, to name a few—must notify the Department of Homeland Security about significant cyberattacks within 72 hours and ransomware payments within 24 hours. 

The bill’s sponsors argue this information will help federal agencies better combat cybersecurity threats of national importance, while also giving federal legislators more information as they craft tech policy.

The bill also includes language that better defines the roles of top government cyber defense officials, The Record reported Tuesday.

“With the mounting threat of Putin launching more cyberattacks against Ukraine or even the U.S., there has never been a more critical time to act to strengthen our cyber defenses,” Senate Intelligence Committee Chairman Mark Warner (D-Va.) tweeted Tuesday. 

Legislators from both parties initially introduced versions of the legislation last year following the SolarWinds attack of 2020, in which hackers penetrated dozens of corporate networks through a buggy software update. Federal and corporate investigators have pinned that attack on Russian hackers with ties to the Kremlin.

The December 2021 discovery of a major software vulnerability in a commonly used open-source tool, known as Log4j, added more momentum to the push. No large companies or governmental agencies have disclosed attacks tied to the security lapse, though cybersecurity experts have cautioned that hackers may be lying in wait after gaining access to networks.

Federal legislators nearly passed the legislation late last year, but the proposals were stripped from a major defense appropriations bill amid last-minute debates over who must report hacks and how quickly they must notify Homeland Security officials.

Since then, however, the ground has shifted under Washington. 

As Putin built up forces around Ukraine, security experts warned about the potential for widespread cyberattacks targeting Ukraine and its allies. While the Associated Press reported Tuesday that Russia’s cyber offensive “hasn’t had much of a noticeable impact” in Ukraine yet, legislators are getting a taste of the fears wrought by modern cyber warfare. 

In one notable case, the Financial Times reported, unnamed Japanese officials fear—but cannot yet confirm—that Russian hackers launched a ransomware attack on an automotive supplier as retaliation for the country’s imposing Ukraine-related sanctions. The ambush caused a one-day shutdown of all Toyota plants in Japan.

The bill scales back some of the reporting requirements and timelines sought by legislative sponsors last year. For instance, organizations required to report hacks would have three days, rather than one day, to notify federal officials. 

Those concessions appear to have helped garner support for the legislation from the Information Technology Industry Council, an advocacy group for many Big Tech firms, which applauded the bill’s passage Tuesday after opposing tighter reporting deadlines.

Still, it’s a textbook case of not letting perfect be the enemy of good. If the bill reaches President Biden’s desk—a decent likelihood given the House’s support last year for many of its provisions—America should become a little bit safer in an increasingly dangerous world.

Want to send thoughts or suggestions for Data Sheet? Drop me a line here.

Jacob Carpenter

NEWSWORTHY

A mixed bag. President Biden underlined several tech-related legislative priorities Tuesday during his State of the Union address, showing support for domestic semiconductor companies and union advocates while taking swipes at Big Tech firms, Protocol reported. Biden used his speech to call for passage of the CHIPS Act, which would provide tens of billions of dollars in government subsidies to the semiconductor industry, and a bill that would help gig workers unionize. He also pushed for breakthroughs on stalled legislation related to online privacy and safety, and reiterated his commitment to early antitrust enforcement efforts that have targeted Facebook parent Meta and Nvidia, among others.

No more iPhones for you. Apple suspended product sales in Russia on Tuesday as part of a growing tech revolt against the federation’s invasion of Ukraine. The move comes one week after Apple halted exports into Russia, in line with U.S. sanctions that targeted Russia’s ability to import tech-related products and supplies. Apple’s smartphone market share in Russia totaled about 15% in early 2021, according to Counterpoint Technology Market Research.

Amping up the pressure. Social media platforms and app store developers continued Tuesday to impose new restrictions on Russia, aiming to stem the spread of pro-Kremlin propaganda online. Apple announced that two Russian state-sponsored media outlets, RT News and Sputnik News, were no longer available for download from its iOS App Store outside Russia. Alphabet also took aim at the two outlets in its European Union markets, as Google removed their apps from its Android Play Store and YouTube blocked them from its platform, per TechCrunch and Politico. Facebook officials added that the platform will stop recommending content from Russian state media organizations and start demoting those outlets in the platform’s main feed, The Verge reported.

A new focus. Ford announced Tuesday that the company will split its auto manufacturing operations into two separate units, with one side focused on electric vehicles and the other working on combustion engine vehicles, Bloomberg reported. Company executives said the divide will help accelerate Ford’s move into the electric vehicle market, spurred by a $50 billion investment in the division between 2022 and 2026. Ford shares rose 4% in midday trading Wednesday following the announcement.

FOOD FOR THOUGHT

Getting it done. If a Silicon Valley giant takes some kind of action against Russia, chances are Mykhailo Fedorov called for it in the prior 48 hours. As the Washington Post writes in a profile of Fedorov, the 31-year-old Ukrainian deputy prime minister has skillfully used Twitter to prod Apple, SpaceX, Meta, Google, cryptocurrency exchanges, and other Big Tech power players into action. The top bureaucrat, who is responsible for digital transformation in Ukraine, now boasts 178,000 Twitter followers after showing fewer than 100 in early 2021.

From the article:

As Russian missiles rain down on Ukraine, Fedorov has launched his own pressure campaign, tweeting at some of the world’s most powerful tech companies to take action to shut down Russian propaganda and disconnect Russia from the rest of the world. In the process, he has become the chief agitator of an industry that has long been reluctant to bend to political demands in any country or conflict, and he’s done it without enacting laws or using economic leverage.

According to his deputy minister, Alex Bornyakov, Fedorov has pressed about 50 companies for aid while his staff has worked behind the scenes with a network of Ukrainian expats and regulators from other countries to get the companies to act.

IN CASE YOU MISSED IT

Elon Musk is fuming after President Biden snubbed Tesla once again during his State of the Union address, by Nicholas Gordon

Apple to increase COVID-19 testing for vaccinated retail employees, by Mark Gurman and Bloomberg

Fitbit recalls 1 million smartwatches for burn hazard, by Chris Morris

People are using A.I. to remodel their homes way faster, by Stephanie Cain

Microsoft CEO Satya Nadella’s son died at age 26. Here’s what he taught the leader about empathy, by Jane Thier

MIT’s retreat from a Russian research partnership exposes a deeper U.S. security flaw, by Jeffrey Sonnenfeld, Anjani Jain, and Steven Tian

BEFORE YOU GO

Flying high. After successfully grinding the gears of Elon Musk, 19-year-old Jack Sweeney has set his sights on a new target: Russian oligarchs. The Wall Street Journal reported that Sweeney, who made news last month after his Twitter bot tracking Musk’s private plane led to an apparent cease-and-desist request from the Tesla founder, has launched a similar tool monitoring the whereabouts of roughly 30 jets purportedly owned by ultrarich Russians and President Vladimir Putin. Just like @ElonJet, which amassed nearly 400,000 followers, there’s an appetite for Sweeney’s feed. The @RUOligarchJets and @PutinJet accounts boast about 320,000 followers already.